The field of the disclosure relates generally to cyber-security, and, more specifically, to methods and systems for use in analyzing cyber-security threats in aviation platforms.
At least some known aviation platforms and infrastructures have adopted e-Enabled architectures and technologies to take advantage of operational and performance efficiencies that result from being networked. Aviation platforms and infrastructures are generally complex systems that involve hierarchically-networked embedded systems and controllers having varying operational criticality, reliability, and availability requirements as aviation platforms and infrastructures, both onboard and off-board aircrafts, have become e-Enabled, and as such, may be the targets of cyber-security threats.
Generally, within at least some known platforms, the embedded systems and controllers are hosted on general purpose computing devices, commercial software operating systems, and/or specific custom applications performing intended system functions. Onboard embedded systems and controllers are networked via standards-based protocols to enable seamless integration of the e-Enabled architecture and have increased feature capabilities and functionalities of aviation platforms. However, such integration may also increase the risk of cyber security attacks that leverage existing vulnerabilities of the deployed software and hardware implementations. Some threat vectors exist that only affect system level components, while other threat vectors result in exploits when sub-system implementations are integrated.
Some known general purpose applications provide individual analysis frameworks such as security analysis for networked data flows and formulation of attack/threat trees. Such applications do not provide a unified architectural framework for end-to-end cyber security analysis of complex, highly-networked systems that enable analysts to formulate the system starting at the feature level, and then decompose the data into detailed level implementations to enable a programmatic analysis to determine the likelihood and consequence of current and emerging cyber security threats. Lack of such an application for end-to-end cyber security analysis for aerospace processes/systems may limit the ability to rapidly assess the robustness/availability of aerospace processes/systems to current and emerging cyber security threats in a cost effective manner. In addition, the lack of such an application may also limit the ability of regulatory and/or certification processes to be executed in a timely and cost-effective manner.